What GOV.UK One Login is doing to meet the identity assurance principles
Updated 30 September 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/identity-assurance-principles-for-identity-services-in-government/what-govuk-one-login-is-doing-to-meet-the-identity-assurance-principles
1. User control
We are working to give users more agency in creating, using, and sharing digital identities.
Digital identities are not created for people without their knowledge.
We only create digital identities because a user requests online access to a government service for which we are the provider of identity verification.
We justify why we need any personal information that we collect. We state the purpose and this is reviewed in our Data Protection Impact Assessment.
Personal information is shared with authoritative sources outside GOV.UK One Login so it can be checked for anomalies and validated.
We perform some digital identity assurance activities in the background, not initiated by users, to protect people from identity misuse, fraud, and theft.
If future functionality allows, personal information will be shared with third parties for convenience reasons only. This will be done on an opt-in basis, and we will gain user consent first.
We do offer alternative face-to-face mechanisms for people to prove their identity, but the end result is still the creation of a GOV.UK digital identity.
2. Transparency
We aim to be as transparent as possible, so that people trust our service.
We explain to users why we need the information we ask for.
We explain to users when their information will be checked with authoritative sources outside GOV.UK One Login.
We publish public information on what we do with personal data in technical documents and vocabularies about the data we collect, and we publish a GOV.UK One Login privacy notice.
We balance the need for transparency with our accessibility obligations. There is a risk of putting too much information in front of a user at the point of access, where they are just trying to get through to the government service they need.
We must sometimes check and share personal information with other authoritative sources without the user initiating this, for example, to meet our lawful obligations in preventing identity fraud. We always get the user’s consent for this. When this happens, where possible, we will keep users fully informed about what is happening and why.
3. Multiplicity
As GOV.UK One Login will be the single front door for many government services, there are no plans to permit a service user to gain access to those government services with a different identity provider.
We understand that in certain circumstances users might want to have more than one account and we already allow this. We have no plans to prevent users from creating more than one account.
We will explore the use cases around connecting or merging multiple accounts belonging to the same user. If we decide to support this in order to reduce the complexities and overhead of interacting with government services for some users, it would be an optional choice for the user.
Users can choose which documents and sources to provide information from in order to prove their identity, as long as they are documents and sources we trust for digital identity verification.
4. Data minimisation
We only collect, process, and share personal information where there is a genuine need and a clear purpose, and when we do, we strive to use as little personal information as possible.
When a user interacts with GOV.UK One Login, we use the minimum data necessary to meet the needs of the user or to fulfil the service’s function or obligation as set out in law.
We adopt open standards for data models from OpenID Connect and W3C. These are related to sharing data in an authentication and identity-proving context.
We collect, process, store, and share the minimum possible data, for the shortest possible time, for those purposes.
We do not hold personal information for longer than is needed. We explain why we hold onto personal information and how long for, and communicate this in published information.
We state the purpose and put that through a review process.
We use data retention periods that comply with the GOV.UK One Login privacy notice.
Where possible, we ask for and transmit a yes/no response to identity assurance questions, rather than requesting or sharing personal information.
In cases when we share personal information from an identity document with another government department, we share the minimum data (number of fields) that will uniquely distinguish that document from another. We do not share the entire document data.
We are looking at the possibilities of sharing only the confirmation of identity proved to the required level of confidence, without sharing personal information from identity documents.
In the future we will make it possible for users to share their data with other government departments and third parties if and when they want to do so.
When we need to retain records of our system activity for an indefinite period, we remove or redact as much personal information from these records as possible.
Data from authoritative sources outside GOV.UK One Login will not be duplicated at the centre.
We put in place appropriate security measures to protect users’ personal information.
Our approach to data security is informed by the work of organisations such as the 14 cloud security principles from the National Cyber Security Centre.
5. Data quality
Checks are performed on personal data accuracy at the time the user proves their identity.
We take all reasonable steps to ensure the personal information we hold is not incorrect or misleading.
We give users the opportunity to manage their personal information and update their records.
We are working towards better user control of data. In the future we will enable users to trigger updates to their personal information at any time, simply and easily. They will not need to be using a government service in order to request an update to their personal information.
We have longer-term plans to allow an authorised person to manage somebody else’s identity data and will provide updates to this document when those are in place.
If we are notified by an authoritative source outside of GOV.UK One Login that personal information is no longer up to date, we correct or erase it.
The General Data Protection Regulation (GDPR) also has requirements for data quality and accuracy that we must account for. This may mean we have a legal obligation to update data when we learn it may be incorrect or misleading - even if the user has not explicitly ‘chosen’ to update it.
6. Service user access and portability
We provide users with copies of their personal information in response to a subject access request, in a standard electronic format. Users can then move their personal information to another location and remove it from GOV.UK One Login.
Users can also change some identity attributes if they are outdated, remove their personal information, or delete their entire GOV.UK One Login. As per data processing laws, we retain an audit log for a period of time after a GOV.UK One Login is deleted.
7. Certification
GOV.UK One Login is replacing other identity assurance services that some government departments use to allow access to government services.
When government services migrate to GOV.UK One Login, this must not negatively impact accessibility.
We will assure GOV.UK One Login against the trust framework’s standards and processes, and continue to maintain and maximise access to government services for citizens while the certification standards and procedures are being developed as part of the UK digital identity and attributes trust framework.
8. Dispute resolution
We take responsibility for how we comply with GDPR and other related principles about identity and privacy. We put in place measures and retain records to demonstrate our compliance.
We engage accountable risk owners, the Department for Science, Innovation and Technology Data Protection Officer (DPO) and the Information Commissioner’s Office (ICO) through our Data Protection Impact Assessment (DPIA) processes.
We value external views of the work we’re doing and we speak to users through our user research work and to organisations like the National Cyber Security Centre and the One Login Inclusion and Privacy Advisory Group.
If a user is not satisfied with how we handle their personal information, they should contact our Data Protection team at gds-data-protection@digital.cabinet-office.gov.uk. We will make every effort to resolve their concern quickly.
If we cannot resolve their concern, or they remain unsatisfied following our efforts, a user can contact the ICO to make a complaint. We will cooperate fully with any requests from the ICO or with any further action the ICO takes to resolve the concern. Find out how the ICO handles complaints.
For any concerns that do not relate to our handling of personal information, a user should contact gds-privacy-office@digital.cabinet-office.gov.uk.
9. Exceptional circumstances
While this principle does not directly impact any process or system design choices, GOV.UK One Login operates within its legal boundaries.